Summary
This host is installed with Google Chrome and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code in the context of the browser, cause denial-of-service conditions, or disclose sensitive information.
Impact Level: Application
Solution
Upgrade to Google Chrome version 5.0.375.127 or later, For updates refer to http://www.google.com/chrome
Insight
The flaws are due to:
- A memory corruption with 'Geolocation' support.
- An error in supporting the 'Ruby' language.
- An error in 'Omnibox' implementation, which fails to anticipate entry of passwords.
- An Error in implementing the notifications feature, history feature.
- A memory corruption in 'MIME' type handling.
- An error in text-editing implementation, which fails to properly perform casts, which has unspecified impact and attack vectors.
- A memory corruption error when processing 'SVG' files, file dialogs.
- An unspecified error in the 'Windows kernel', which has unknown impact and attack vectors.
Affected
Google Chrome version prior to 5.0.375.127 on Windows
References
Severity
Classification
-
CVE CVE-2010-3111, CVE-2010-3112, CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3117, CVE-2010-3118, CVE-2010-3119, CVE-2010-3120 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)